Scam Investigation: Fraud Bank Text Message || Human Error

Figure 1

Alluring the victims with the fake monetary honeypot is the infamous way of Phishing. I am sure that most of you have already encountered the messages and E-mails as shown in the screenshot (Figure 1). Human error is the major factor behind the success of these fraudulent efforts. The fire of Digital era and lack of security awareness simultaneously contributes to the success of digital scams. As per the Verizon Data Breach Investigations Report, 70% of cyber attacks use a combination of phishing and hacking. For a common person, it’s difficult to differentiate between genuine and fake messages when appropriate levels of Social Engineering is done by scammers.

Through a Fake message investigation (You can also see the complete investigation video on my channel CodewithVamp), I will try to explain what can happen if you try to open any of the links sent along with messages or Emails. I would like to highlight one point here, I never encourage anyone to open any links from untrusted senders. This investigation was performed in a controlled environment.

1- First approach always starts from common sense. Do I have a Credit card? Do I have my account in Kotak Bank? Should I cross-check the information from the official page? The message is from an official email or public domain? In any case, should I blindly click on a link? Don’t lose your common sense in thirst of temptation.

2- Second approach towards any untrusted message or Emails is to look for common errors or mistakes done by scammers like misspellings and grammatical errors (“Cash by click here” in the above screenshot). Any of the Bank organizations or institutions would never make these silly mistakes.

Figure 2

3- If the scammer has made a foolproof plan then my next target is to investigate the link attached with a message or E-mails. Most of the time you won’t be seeing the actual link because everyone nowadays uses “URL shortening” tools easily available online (Like Bitly). Fortunately, we have “URL un-shortening” tools also available which can help you to look into the actual URL attached with the Email. Look what I found after un-shortening the URL (Figure 2). The actual URL is having some strings “FreeRewardPointsRedeem” which is not even close to the official email of Kotak banks. At this point, you should stop digging for more and report this URL but just for demo purpose, I am continuing to the next step.

Figure 3

4- The next step that should be avoided in any case would be clicking on the link attached with the message. I was curious to see the consequences as I was working in a controlled environment. Fortunately, the link landed me on a beginner-level phishing page shown in Figure 3 & 4. Even though this page looks fake for obvious reasons still most people fall into the trap and lose their credentials.

Figure 4

5- Have a look at each of the suspicious user input fields like “Enter your email password”, “Enter your CVV”, “Enter your MPIN”, “Enter your Card Number”. No Bank authority would ever ask you for this confidential information. The truth is the moment you enter your credentials and click on Redeem, all your data would be remotely transferred to the scammer. If you are thinking that without OTP they can’t do any transaction then you are very wrong. One can do an international transaction without OTP or PIN. All you need are your card details such as Card number, Date of Expiry, and CVV. If you are using a Payment Gateway outside India they are not bound by the RBI mandate hence they may not require OTP authentication. I have already reported this URL after investigation. That’s why the page is down now and flagged as a malicious site. We must spread the knowledge of awareness to those who are newbies to this Digital era. Let’s raise our hands together for a better and secure internet.

!! Stay Curious Stay protected !!

Let’s get connected:

Complete investigation video on: https://youtu.be/3tqNthMxar4

LinkedIn: https://www.linkedin.com/in/vaibhav-kumar-srivastava-378742a9/

ERP Expert | Masters in Information Security